Vulnerabilities

ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-j6vm-4r7g-x4gr
  • NuGet/Devolutions.XTS.NET
Devolutions.XTS.NET Vulnerable to Timing Attack on GF Multiplications 27 Nov
  • Fix available
  • Severity - 5.1 (Medium)
GHSA-xhg6-9j5j-w4vf
  • NuGet/DotNetZip
  • NuGet/ProDotNetZip
DotNetZip Directory Traversal vulnerability 13 Nov
  • Fix available
  • Severity - 8.6 (High)
GHSA-v7vf-f5q6-m899
  • NuGet/System.Formats.Nrbf
.NET Remote Code Execution Vulnerability 12 Nov
  • Fix available
  • Severity - 9.2 (Critical)
GHSA-6x36-qxmj-rv4p
  • NuGet/System.Formats.Nrbf
.NET Denial of Service Vulnerability 12 Nov
  • Fix available
GHSA-7mr7-4f54-vcx5
  • NuGet/Duende.AccessTokenManagement.OpenIdConnect
HTTP Client uses incorrect token after refresh 07 Nov
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-3hxg-fxwm-8gf7
  • NuGet/Refit
CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes 04 Nov
  • Fix available
  • Severity - 10.0 (Critical)
GHSA-4gmq-m9vp-jrwg
  • NuGet/Umbraco.Cms.Core
Umbraco CMS Cross-site Scripting vulnerability 04 Nov
  • No fix available
  • Severity - 1.3 (Low)
GHSA-2qw8-ppr5-m96c
  • NuGet/Lucene.Net.Replicator
Apache Lucene.Net.Replicator Deserialization of Untrusted Data vulnerability 31 Oct
  • Fix available
  • Severity - 8.6 (High)
GHSA-24mc-gc52-47jv
  • NuGet/ICG.AspNetCore.Utilities.CloudStorage
ICG.AspNetCore.Utilities.CloudStorage's Secure Token Durations Different Than Expected 30 Oct
  • Fix available
  • Severity - 5.5 (Medium)
GHSA-v9xq-2mvm-x8xc
  • NuGet/Duende.IdentityServer
Duende IdentityServer has insufficient validation of DPoP cnf claim in Local APIs 28 Oct
  • Fix available
  • Severity - 2.1 (Low)
GHSA-j945-c44v-97g6
  • Maven/net.sf.mpxj:mpxj
  • RubyGems/mpxj
  • PyPI/mpxj
  • NuGet/net.sf.mpxj
  • NuGet/net.sf.mpxj-for-csharp
  • NuGet/net.sf.mpxj-for-vb
  • NuGet/MPXJ.Net
MPXJ has a Potential Path Traversal Vulnerability 28 Oct
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-wxw9-6pv9-c3xc
  • NuGet/Umbraco.CMS
Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out 22 Oct
  • Fix available
  • Severity - 4.2 (Medium)
GHSA-5955-cwv4-h7qh
  • NuGet/UmbracoCms
  • NuGet/Umbraco.Cms
Umbraco has a Potential Code Execution Risk When Viewing SVG Files in Full Screen in Backoffice 22 Oct
  • Fix available
  • Severity - 4.6 (Medium)
GHSA-fp6q-gccw-7qqm
  • NuGet/Umbraco.CMS
  • NuGet/UmbracoCMS
Umbraco CMS logout page displayed before session expiration 22 Oct
  • Fix available
  • Severity - 4.2 (Medium)
GHSA-4gp9-ff99-j6vj
  • NuGet/Umbraco.CMS
Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API 22 Oct
  • Fix available
GHSA-c5g6-6xf7-qxp3
  • NuGet/Umbraco.Cms.StaticAssets
  • npm/@umbraco-cms/backoffice
Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section 22 Oct
  • Fix available
  • Severity - 4.2 (Medium)